Replace one-shot clock_settime with chrony for continuous guest time sync

Switch from the envd /init endpoint pushing host time via syscall to chronyd reading the KVM PTP hardware clock (/dev/ptp0) continuously. This fixes clock drift between init calls and handles snapshot resume gracefully. Changes: - Add clocksource=kvm-clock kernel boot arg - Start chronyd in wrenn-init.sh before tini (PHC /dev/ptp0, makestep 1.0 -1) - Remove clock_settime logic from envd SetData and shouldSetSystemTime - Remove client.Init() clock sync calls from sandbox manager (3 sites) - Remove Init() method from envdclient (no longer needed) - Simplify rootfs scripts: socat/chrony now come from apt in the container image, only envd/wrenn-init/tini are injected by build scripts
2026-03-26 04:47:44 +06:00
parent 12d1e356fa
commit 6898528096
8 changed files with 37 additions and 234 deletions
--- a/envd/internal/api/init_test.go
+++ b/envd/internal/api/init_test.go
@ -9,7 +9,6 @@ import (
 	"path/filepath"
 	"strings"
 	"testing"
-	"time"

 	"github.com/rs/zerolog"
 	"github.com/stretchr/testify/assert"
@ -59,71 +58,6 @@ func TestSimpleCases(t *testing.T) {
 	}
 }

-func TestShouldSetSystemTime(t *testing.T) {
-	t.Parallel()
-	sandboxTime := time.Now()
-
-	tests := []struct {
-		name     string
-		hostTime time.Time
-		want     bool
-	}{
-		{
-			name:     "sandbox time far ahead of host time (should set)",
-			hostTime: sandboxTime.Add(-10 * time.Second),
-			want:     true,
-		},
-		{
-			name:     "sandbox time at maxTimeInPast boundary ahead of host time (should not set)",
-			hostTime: sandboxTime.Add(-50 * time.Millisecond),
-			want:     false,
-		},
-		{
-			name:     "sandbox time just within maxTimeInPast ahead of host time (should not set)",
-			hostTime: sandboxTime.Add(-40 * time.Millisecond),
-			want:     false,
-		},
-		{
-			name:     "sandbox time slightly ahead of host time (should not set)",
-			hostTime: sandboxTime.Add(-10 * time.Millisecond),
-			want:     false,
-		},
-		{
-			name:     "sandbox time equals host time (should not set)",
-			hostTime: sandboxTime,
-			want:     false,
-		},
-		{
-			name:     "sandbox time slightly behind host time (should not set)",
-			hostTime: sandboxTime.Add(1 * time.Second),
-			want:     false,
-		},
-		{
-			name:     "sandbox time just within maxTimeInFuture behind host time (should not set)",
-			hostTime: sandboxTime.Add(4 * time.Second),
-			want:     false,
-		},
-		{
-			name:     "sandbox time at maxTimeInFuture boundary behind host time (should not set)",
-			hostTime: sandboxTime.Add(5 * time.Second),
-			want:     false,
-		},
-		{
-			name:     "sandbox time far behind host time (should set)",
-			hostTime: sandboxTime.Add(1 * time.Minute),
-			want:     true,
-		},
-	}
-
-	for _, tt := range tests {
-		t.Run(tt.name, func(t *testing.T) {
-			t.Parallel()
-			got := shouldSetSystemTime(tt.hostTime, sandboxTime)
-			assert.Equal(t, tt.want, got)
-		})
-	}
-}
-
 func secureTokenPtr(s string) *SecureToken {
 	token := &SecureToken{}
 	_ = token.Set([]byte(s))